diff options
| author | Damien Miller <djm@mindrot.org> | 2003-05-15 12:05:28 +1000 |
|---|---|---|
| committer | Damien Miller <djm@mindrot.org> | 2003-05-15 12:05:28 +1000 |
| commit | 2aa0ab463f479649760110ca52fa341880c5ae3a (patch) | |
| tree | 4b6a778cc687b5e87e40ae2decba2184b124c09e | |
| parent | f842fcb296b9fbc0de905837c6074c732db550e5 (diff) | |
- jakob@cvs.openbsd.org 2003/05/15 01:48:10
[readconf.c readconf.h servconf.c servconf.h]
always parse kerberos options. ok djm@ markus@
- (djm) Always parse UsePAM
| -rw-r--r-- | ChangeLog | 6 | ||||
| -rw-r--r-- | readconf.c | 40 | ||||
| -rw-r--r-- | readconf.h | 8 | ||||
| -rw-r--r-- | servconf.c | 45 | ||||
| -rw-r--r-- | servconf.h | 8 | ||||
| -rw-r--r-- | sshd_config | 5 |
6 files changed, 22 insertions, 90 deletions
| @@ -16,6 +16,10 @@ | |||
| 16 | - markus@cvs.openbsd.org 2003/05/15 00:28:28 | 16 | - markus@cvs.openbsd.org 2003/05/15 00:28:28 |
| 17 | [sshconnect2.c] | 17 | [sshconnect2.c] |
| 18 | cleanup unregister of per-method packet handlers; ok djm@ | 18 | cleanup unregister of per-method packet handlers; ok djm@ |
| 19 | - jakob@cvs.openbsd.org 2003/05/15 01:48:10 | ||
| 20 | [readconf.c readconf.h servconf.c servconf.h] | ||
| 21 | always parse kerberos options. ok djm@ markus@ | ||
| 22 | - (djm) Always parse UsePAM | ||
| 19 | - (djm) Configure glue for DNS support (code doesn't work in portable yet) | 23 | - (djm) Configure glue for DNS support (code doesn't work in portable yet) |
| 20 | 24 | ||
| 21 | 20030514 | 25 | 20030514 |
| @@ -1492,4 +1496,4 @@ | |||
| 1492 | save auth method before monitor_reset_key_state(); bugzilla bug #284; | 1496 | save auth method before monitor_reset_key_state(); bugzilla bug #284; |
| 1493 | ok provos@ | 1497 | ok provos@ |
| 1494 | 1498 | ||
| 1495 | $Id: ChangeLog,v 1.2705 2003/05/15 02:01:28 djm Exp $ | 1499 | $Id: ChangeLog,v 1.2706 2003/05/15 02:05:28 djm Exp $ |
diff --git a/readconf.c b/readconf.c index c9c463b29..4c5d44859 100644 --- a/readconf.c +++ b/readconf.c | |||
| @@ -12,7 +12,7 @@ | |||
| 12 | */ | 12 | */ |
| 13 | 13 | ||
| 14 | #include "includes.h" | 14 | #include "includes.h" |
| 15 | RCSID("$OpenBSD: readconf.c,v 1.107 2003/05/14 18:16:20 jakob Exp $"); | 15 | RCSID("$OpenBSD: readconf.c,v 1.108 2003/05/15 01:48:10 jakob Exp $"); |
| 16 | 16 | ||
| 17 | #include "ssh.h" | 17 | #include "ssh.h" |
| 18 | #include "xmalloc.h" | 18 | #include "xmalloc.h" |
| @@ -94,15 +94,7 @@ typedef enum { | |||
| 94 | oForwardAgent, oForwardX11, oGatewayPorts, oRhostsAuthentication, | 94 | oForwardAgent, oForwardX11, oGatewayPorts, oRhostsAuthentication, |
| 95 | oPasswordAuthentication, oRSAAuthentication, | 95 | oPasswordAuthentication, oRSAAuthentication, |
| 96 | oChallengeResponseAuthentication, oXAuthLocation, | 96 | oChallengeResponseAuthentication, oXAuthLocation, |
| 97 | #if defined(KRB4) || defined(KRB5) | 97 | oKerberosAuthentication, oKerberosTgtPassing, oAFSTokenPassing, |
| 98 | oKerberosAuthentication, | ||
| 99 | #endif | ||
| 100 | #if defined(AFS) || defined(KRB5) | ||
| 101 | oKerberosTgtPassing, | ||
| 102 | #endif | ||
| 103 | #ifdef AFS | ||
| 104 | oAFSTokenPassing, | ||
| 105 | #endif | ||
| 106 | oIdentityFile, oHostName, oPort, oCipher, oRemoteForward, oLocalForward, | 98 | oIdentityFile, oHostName, oPort, oCipher, oRemoteForward, oLocalForward, |
| 107 | oUser, oHost, oEscapeChar, oRhostsRSAAuthentication, oProxyCommand, | 99 | oUser, oHost, oEscapeChar, oRhostsRSAAuthentication, oProxyCommand, |
| 108 | oGlobalKnownHostsFile, oUserKnownHostsFile, oConnectionAttempts, | 100 | oGlobalKnownHostsFile, oUserKnownHostsFile, oConnectionAttempts, |
| @@ -141,15 +133,9 @@ static struct { | |||
| 141 | { "challengeresponseauthentication", oChallengeResponseAuthentication }, | 133 | { "challengeresponseauthentication", oChallengeResponseAuthentication }, |
| 142 | { "skeyauthentication", oChallengeResponseAuthentication }, /* alias */ | 134 | { "skeyauthentication", oChallengeResponseAuthentication }, /* alias */ |
| 143 | { "tisauthentication", oChallengeResponseAuthentication }, /* alias */ | 135 | { "tisauthentication", oChallengeResponseAuthentication }, /* alias */ |
| 144 | #if defined(KRB4) || defined(KRB5) | ||
| 145 | { "kerberosauthentication", oKerberosAuthentication }, | 136 | { "kerberosauthentication", oKerberosAuthentication }, |
| 146 | #endif | ||
| 147 | #if defined(AFS) || defined(KRB5) | ||
| 148 | { "kerberostgtpassing", oKerberosTgtPassing }, | 137 | { "kerberostgtpassing", oKerberosTgtPassing }, |
| 149 | #endif | ||
| 150 | #ifdef AFS | ||
| 151 | { "afstokenpassing", oAFSTokenPassing }, | 138 | { "afstokenpassing", oAFSTokenPassing }, |
| 152 | #endif | ||
| 153 | { "fallbacktorsh", oDeprecated }, | 139 | { "fallbacktorsh", oDeprecated }, |
| 154 | { "usersh", oDeprecated }, | 140 | { "usersh", oDeprecated }, |
| 155 | { "identityfile", oIdentityFile }, | 141 | { "identityfile", oIdentityFile }, |
| @@ -370,21 +356,19 @@ parse_flag: | |||
| 370 | case oChallengeResponseAuthentication: | 356 | case oChallengeResponseAuthentication: |
| 371 | intptr = &options->challenge_response_authentication; | 357 | intptr = &options->challenge_response_authentication; |
| 372 | goto parse_flag; | 358 | goto parse_flag; |
| 373 | #if defined(KRB4) || defined(KRB5) | 359 | |
| 374 | case oKerberosAuthentication: | 360 | case oKerberosAuthentication: |
| 375 | intptr = &options->kerberos_authentication; | 361 | intptr = &options->kerberos_authentication; |
| 376 | goto parse_flag; | 362 | goto parse_flag; |
| 377 | #endif | 363 | |
| 378 | #if defined(AFS) || defined(KRB5) | ||
| 379 | case oKerberosTgtPassing: | 364 | case oKerberosTgtPassing: |
| 380 | intptr = &options->kerberos_tgt_passing; | 365 | intptr = &options->kerberos_tgt_passing; |
| 381 | goto parse_flag; | 366 | goto parse_flag; |
| 382 | #endif | 367 | |
| 383 | #ifdef AFS | ||
| 384 | case oAFSTokenPassing: | 368 | case oAFSTokenPassing: |
| 385 | intptr = &options->afs_token_passing; | 369 | intptr = &options->afs_token_passing; |
| 386 | goto parse_flag; | 370 | goto parse_flag; |
| 387 | #endif | 371 | |
| 388 | case oBatchMode: | 372 | case oBatchMode: |
| 389 | intptr = &options->batch_mode; | 373 | intptr = &options->batch_mode; |
| 390 | goto parse_flag; | 374 | goto parse_flag; |
| @@ -786,15 +770,9 @@ initialize_options(Options * options) | |||
| 786 | options->rsa_authentication = -1; | 770 | options->rsa_authentication = -1; |
| 787 | options->pubkey_authentication = -1; | 771 | options->pubkey_authentication = -1; |
| 788 | options->challenge_response_authentication = -1; | 772 | options->challenge_response_authentication = -1; |
| 789 | #if defined(KRB4) || defined(KRB5) | ||
| 790 | options->kerberos_authentication = -1; | 773 | options->kerberos_authentication = -1; |
| 791 | #endif | ||
| 792 | #if defined(AFS) || defined(KRB5) | ||
| 793 | options->kerberos_tgt_passing = -1; | 774 | options->kerberos_tgt_passing = -1; |
| 794 | #endif | ||
| 795 | #ifdef AFS | ||
| 796 | options->afs_token_passing = -1; | 775 | options->afs_token_passing = -1; |
| 797 | #endif | ||
| 798 | options->password_authentication = -1; | 776 | options->password_authentication = -1; |
| 799 | options->kbd_interactive_authentication = -1; | 777 | options->kbd_interactive_authentication = -1; |
| 800 | options->kbd_interactive_devices = NULL; | 778 | options->kbd_interactive_devices = NULL; |
| @@ -865,18 +843,12 @@ fill_default_options(Options * options) | |||
| 865 | options->pubkey_authentication = 1; | 843 | options->pubkey_authentication = 1; |
| 866 | if (options->challenge_response_authentication == -1) | 844 | if (options->challenge_response_authentication == -1) |
| 867 | options->challenge_response_authentication = 1; | 845 | options->challenge_response_authentication = 1; |
| 868 | #if defined(KRB4) || defined(KRB5) | ||
| 869 | if (options->kerberos_authentication == -1) | 846 | if (options->kerberos_authentication == -1) |
| 870 | options->kerberos_authentication = 1; | 847 | options->kerberos_authentication = 1; |
| 871 | #endif | ||
| 872 | #if defined(AFS) || defined(KRB5) | ||
| 873 | if (options->kerberos_tgt_passing == -1) | 848 | if (options->kerberos_tgt_passing == -1) |
| 874 | options->kerberos_tgt_passing = 1; | 849 | options->kerberos_tgt_passing = 1; |
| 875 | #endif | ||
| 876 | #ifdef AFS | ||
| 877 | if (options->afs_token_passing == -1) | 850 | if (options->afs_token_passing == -1) |
| 878 | options->afs_token_passing = 1; | 851 | options->afs_token_passing = 1; |
| 879 | #endif | ||
| 880 | if (options->password_authentication == -1) | 852 | if (options->password_authentication == -1) |
| 881 | options->password_authentication = 1; | 853 | options->password_authentication = 1; |
| 882 | if (options->kbd_interactive_authentication == -1) | 854 | if (options->kbd_interactive_authentication == -1) |
diff --git a/readconf.h b/readconf.h index d141b8c00..991e20091 100644 --- a/readconf.h +++ b/readconf.h | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: readconf.h,v 1.48 2003/05/14 18:16:20 jakob Exp $ */ | 1 | /* $OpenBSD: readconf.h,v 1.49 2003/05/15 01:48:10 jakob Exp $ */ |
| 2 | 2 | ||
| 3 | /* | 3 | /* |
| 4 | * Author: Tatu Ylonen <ylo@cs.hut.fi> | 4 | * Author: Tatu Ylonen <ylo@cs.hut.fi> |
| @@ -41,15 +41,9 @@ typedef struct { | |||
| 41 | int hostbased_authentication; /* ssh2's rhosts_rsa */ | 41 | int hostbased_authentication; /* ssh2's rhosts_rsa */ |
| 42 | int challenge_response_authentication; | 42 | int challenge_response_authentication; |
| 43 | /* Try S/Key or TIS, authentication. */ | 43 | /* Try S/Key or TIS, authentication. */ |
| 44 | #if defined(KRB4) || defined(KRB5) | ||
| 45 | int kerberos_authentication; /* Try Kerberos authentication. */ | 44 | int kerberos_authentication; /* Try Kerberos authentication. */ |
| 46 | #endif | ||
| 47 | #if defined(AFS) || defined(KRB5) | ||
| 48 | int kerberos_tgt_passing; /* Try Kerberos TGT passing. */ | 45 | int kerberos_tgt_passing; /* Try Kerberos TGT passing. */ |
| 49 | #endif | ||
| 50 | #ifdef AFS | ||
| 51 | int afs_token_passing; /* Try AFS token passing. */ | 46 | int afs_token_passing; /* Try AFS token passing. */ |
| 52 | #endif | ||
| 53 | int password_authentication; /* Try password | 47 | int password_authentication; /* Try password |
| 54 | * authentication. */ | 48 | * authentication. */ |
| 55 | int kbd_interactive_authentication; /* Try keyboard-interactive auth. */ | 49 | int kbd_interactive_authentication; /* Try keyboard-interactive auth. */ |
diff --git a/servconf.c b/servconf.c index fbdc4d8fa..5076c5df6 100644 --- a/servconf.c +++ b/servconf.c | |||
| @@ -10,7 +10,7 @@ | |||
| 10 | */ | 10 | */ |
| 11 | 11 | ||
| 12 | #include "includes.h" | 12 | #include "includes.h" |
| 13 | RCSID("$OpenBSD: servconf.c,v 1.118 2003/04/09 08:23:52 hin Exp $"); | 13 | RCSID("$OpenBSD: servconf.c,v 1.119 2003/05/15 01:48:10 jakob Exp $"); |
| 14 | 14 | ||
| 15 | #if defined(KRB4) | 15 | #if defined(KRB4) |
| 16 | #include <krb.h> | 16 | #include <krb.h> |
| @@ -59,10 +59,8 @@ initialize_server_options(ServerOptions *options) | |||
| 59 | { | 59 | { |
| 60 | memset(options, 0, sizeof(*options)); | 60 | memset(options, 0, sizeof(*options)); |
| 61 | 61 | ||
| 62 | #ifdef USE_PAM | ||
| 63 | /* Portable-specific options */ | 62 | /* Portable-specific options */ |
| 64 | options->use_pam = -1; | 63 | options->use_pam = -1; |
| 65 | #endif | ||
| 66 | 64 | ||
| 67 | /* Standard Options */ | 65 | /* Standard Options */ |
| 68 | options->num_ports = 0; | 66 | options->num_ports = 0; |
| @@ -92,17 +90,11 @@ initialize_server_options(ServerOptions *options) | |||
| 92 | options->hostbased_uses_name_from_packet_only = -1; | 90 | options->hostbased_uses_name_from_packet_only = -1; |
| 93 | options->rsa_authentication = -1; | 91 | options->rsa_authentication = -1; |
| 94 | options->pubkey_authentication = -1; | 92 | options->pubkey_authentication = -1; |
| 95 | #if defined(KRB4) || defined(KRB5) | ||
| 96 | options->kerberos_authentication = -1; | 93 | options->kerberos_authentication = -1; |
| 97 | options->kerberos_or_local_passwd = -1; | 94 | options->kerberos_or_local_passwd = -1; |
| 98 | options->kerberos_ticket_cleanup = -1; | 95 | options->kerberos_ticket_cleanup = -1; |
| 99 | #endif | ||
| 100 | #if defined(AFS) || defined(KRB5) | ||
| 101 | options->kerberos_tgt_passing = -1; | 96 | options->kerberos_tgt_passing = -1; |
| 102 | #endif | ||
| 103 | #ifdef AFS | ||
| 104 | options->afs_token_passing = -1; | 97 | options->afs_token_passing = -1; |
| 105 | #endif | ||
| 106 | options->password_authentication = -1; | 98 | options->password_authentication = -1; |
| 107 | options->kbd_interactive_authentication = -1; | 99 | options->kbd_interactive_authentication = -1; |
| 108 | options->challenge_response_authentication = -1; | 100 | options->challenge_response_authentication = -1; |
| @@ -138,10 +130,8 @@ void | |||
| 138 | fill_default_server_options(ServerOptions *options) | 130 | fill_default_server_options(ServerOptions *options) |
| 139 | { | 131 | { |
| 140 | /* Portable-specific options */ | 132 | /* Portable-specific options */ |
| 141 | #ifdef USE_PAM | ||
| 142 | if (options->use_pam == -1) | 133 | if (options->use_pam == -1) |
| 143 | options->use_pam = 1; | 134 | options->use_pam = 0; |
| 144 | #endif | ||
| 145 | 135 | ||
| 146 | /* Standard Options */ | 136 | /* Standard Options */ |
| 147 | if (options->protocol == SSH_PROTO_UNKNOWN) | 137 | if (options->protocol == SSH_PROTO_UNKNOWN) |
| @@ -208,22 +198,16 @@ fill_default_server_options(ServerOptions *options) | |||
| 208 | options->rsa_authentication = 1; | 198 | options->rsa_authentication = 1; |
| 209 | if (options->pubkey_authentication == -1) | 199 | if (options->pubkey_authentication == -1) |
| 210 | options->pubkey_authentication = 1; | 200 | options->pubkey_authentication = 1; |
| 211 | #if defined(KRB4) || defined(KRB5) | ||
| 212 | if (options->kerberos_authentication == -1) | 201 | if (options->kerberos_authentication == -1) |
| 213 | options->kerberos_authentication = 0; | 202 | options->kerberos_authentication = 0; |
| 214 | if (options->kerberos_or_local_passwd == -1) | 203 | if (options->kerberos_or_local_passwd == -1) |
| 215 | options->kerberos_or_local_passwd = 1; | 204 | options->kerberos_or_local_passwd = 1; |
| 216 | if (options->kerberos_ticket_cleanup == -1) | 205 | if (options->kerberos_ticket_cleanup == -1) |
| 217 | options->kerberos_ticket_cleanup = 1; | 206 | options->kerberos_ticket_cleanup = 1; |
| 218 | #endif | ||
| 219 | #if defined(AFS) || defined(KRB5) | ||
| 220 | if (options->kerberos_tgt_passing == -1) | 207 | if (options->kerberos_tgt_passing == -1) |
| 221 | options->kerberos_tgt_passing = 0; | 208 | options->kerberos_tgt_passing = 0; |
| 222 | #endif | ||
| 223 | #ifdef AFS | ||
| 224 | if (options->afs_token_passing == -1) | 209 | if (options->afs_token_passing == -1) |
| 225 | options->afs_token_passing = 0; | 210 | options->afs_token_passing = 0; |
| 226 | #endif | ||
| 227 | if (options->password_authentication == -1) | 211 | if (options->password_authentication == -1) |
| 228 | options->password_authentication = 1; | 212 | options->password_authentication = 1; |
| 229 | if (options->kbd_interactive_authentication == -1) | 213 | if (options->kbd_interactive_authentication == -1) |
| @@ -288,16 +272,8 @@ typedef enum { | |||
| 288 | sPort, sHostKeyFile, sServerKeyBits, sLoginGraceTime, sKeyRegenerationTime, | 272 | sPort, sHostKeyFile, sServerKeyBits, sLoginGraceTime, sKeyRegenerationTime, |
| 289 | sPermitRootLogin, sLogFacility, sLogLevel, | 273 | sPermitRootLogin, sLogFacility, sLogLevel, |
| 290 | sRhostsAuthentication, sRhostsRSAAuthentication, sRSAAuthentication, | 274 | sRhostsAuthentication, sRhostsRSAAuthentication, sRSAAuthentication, |
| 291 | #if defined(KRB4) || defined(KRB5) | ||
| 292 | sKerberosAuthentication, sKerberosOrLocalPasswd, sKerberosTicketCleanup, | 275 | sKerberosAuthentication, sKerberosOrLocalPasswd, sKerberosTicketCleanup, |
| 293 | #endif | 276 | sKerberosTgtPassing, sAFSTokenPassing, sChallengeResponseAuthentication, |
| 294 | #if defined(AFS) || defined(KRB5) | ||
| 295 | sKerberosTgtPassing, | ||
| 296 | #endif | ||
| 297 | #ifdef AFS | ||
| 298 | sAFSTokenPassing, | ||
| 299 | #endif | ||
| 300 | sChallengeResponseAuthentication, | ||
| 301 | sPasswordAuthentication, sKbdInteractiveAuthentication, sListenAddress, | 277 | sPasswordAuthentication, sKbdInteractiveAuthentication, sListenAddress, |
| 302 | sPrintMotd, sPrintLastLog, sIgnoreRhosts, | 278 | sPrintMotd, sPrintLastLog, sIgnoreRhosts, |
| 303 | sX11Forwarding, sX11DisplayOffset, sX11UseLocalhost, | 279 | sX11Forwarding, sX11DisplayOffset, sX11UseLocalhost, |
| @@ -338,17 +314,11 @@ static struct { | |||
| 338 | { "rsaauthentication", sRSAAuthentication }, | 314 | { "rsaauthentication", sRSAAuthentication }, |
| 339 | { "pubkeyauthentication", sPubkeyAuthentication }, | 315 | { "pubkeyauthentication", sPubkeyAuthentication }, |
| 340 | { "dsaauthentication", sPubkeyAuthentication }, /* alias */ | 316 | { "dsaauthentication", sPubkeyAuthentication }, /* alias */ |
| 341 | #if defined(KRB4) || defined(KRB5) | ||
| 342 | { "kerberosauthentication", sKerberosAuthentication }, | 317 | { "kerberosauthentication", sKerberosAuthentication }, |
| 343 | { "kerberosorlocalpasswd", sKerberosOrLocalPasswd }, | 318 | { "kerberosorlocalpasswd", sKerberosOrLocalPasswd }, |
| 344 | { "kerberosticketcleanup", sKerberosTicketCleanup }, | 319 | { "kerberosticketcleanup", sKerberosTicketCleanup }, |
| 345 | #endif | ||
| 346 | #if defined(AFS) || defined(KRB5) | ||
| 347 | { "kerberostgtpassing", sKerberosTgtPassing }, | 320 | { "kerberostgtpassing", sKerberosTgtPassing }, |
| 348 | #endif | ||
| 349 | #ifdef AFS | ||
| 350 | { "afstokenpassing", sAFSTokenPassing }, | 321 | { "afstokenpassing", sAFSTokenPassing }, |
| 351 | #endif | ||
| 352 | { "passwordauthentication", sPasswordAuthentication }, | 322 | { "passwordauthentication", sPasswordAuthentication }, |
| 353 | { "kbdinteractiveauthentication", sKbdInteractiveAuthentication }, | 323 | { "kbdinteractiveauthentication", sKbdInteractiveAuthentication }, |
| 354 | { "challengeresponseauthentication", sChallengeResponseAuthentication }, | 324 | { "challengeresponseauthentication", sChallengeResponseAuthentication }, |
| @@ -653,7 +623,7 @@ parse_flag: | |||
| 653 | case sPubkeyAuthentication: | 623 | case sPubkeyAuthentication: |
| 654 | intptr = &options->pubkey_authentication; | 624 | intptr = &options->pubkey_authentication; |
| 655 | goto parse_flag; | 625 | goto parse_flag; |
| 656 | #if defined(KRB4) || defined(KRB5) | 626 | |
| 657 | case sKerberosAuthentication: | 627 | case sKerberosAuthentication: |
| 658 | intptr = &options->kerberos_authentication; | 628 | intptr = &options->kerberos_authentication; |
| 659 | goto parse_flag; | 629 | goto parse_flag; |
| @@ -665,17 +635,14 @@ parse_flag: | |||
| 665 | case sKerberosTicketCleanup: | 635 | case sKerberosTicketCleanup: |
| 666 | intptr = &options->kerberos_ticket_cleanup; | 636 | intptr = &options->kerberos_ticket_cleanup; |
| 667 | goto parse_flag; | 637 | goto parse_flag; |
| 668 | #endif | 638 | |
| 669 | #if defined(AFS) || defined(KRB5) | ||
| 670 | case sKerberosTgtPassing: | 639 | case sKerberosTgtPassing: |
| 671 | intptr = &options->kerberos_tgt_passing; | 640 | intptr = &options->kerberos_tgt_passing; |
| 672 | goto parse_flag; | 641 | goto parse_flag; |
| 673 | #endif | 642 | |
| 674 | #ifdef AFS | ||
| 675 | case sAFSTokenPassing: | 643 | case sAFSTokenPassing: |
| 676 | intptr = &options->afs_token_passing; | 644 | intptr = &options->afs_token_passing; |
| 677 | goto parse_flag; | 645 | goto parse_flag; |
| 678 | #endif | ||
| 679 | 646 | ||
| 680 | case sPasswordAuthentication: | 647 | case sPasswordAuthentication: |
| 681 | intptr = &options->password_authentication; | 648 | intptr = &options->password_authentication; |
diff --git a/servconf.h b/servconf.h index afa80675e..4ad1ee7be 100644 --- a/servconf.h +++ b/servconf.h | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: servconf.h,v 1.59 2002/07/30 17:03:55 markus Exp $ */ | 1 | /* $OpenBSD: servconf.h,v 1.60 2003/05/15 01:48:10 jakob Exp $ */ |
| 2 | 2 | ||
| 3 | /* | 3 | /* |
| 4 | * Author: Tatu Ylonen <ylo@cs.hut.fi> | 4 | * Author: Tatu Ylonen <ylo@cs.hut.fi> |
| @@ -73,7 +73,6 @@ typedef struct { | |||
| 73 | int hostbased_uses_name_from_packet_only; /* experimental */ | 73 | int hostbased_uses_name_from_packet_only; /* experimental */ |
| 74 | int rsa_authentication; /* If true, permit RSA authentication. */ | 74 | int rsa_authentication; /* If true, permit RSA authentication. */ |
| 75 | int pubkey_authentication; /* If true, permit ssh2 pubkey authentication. */ | 75 | int pubkey_authentication; /* If true, permit ssh2 pubkey authentication. */ |
| 76 | #if defined(KRB4) || defined(KRB5) | ||
| 77 | int kerberos_authentication; /* If true, permit Kerberos | 76 | int kerberos_authentication; /* If true, permit Kerberos |
| 78 | * authentication. */ | 77 | * authentication. */ |
| 79 | int kerberos_or_local_passwd; /* If true, permit kerberos | 78 | int kerberos_or_local_passwd; /* If true, permit kerberos |
| @@ -83,14 +82,9 @@ typedef struct { | |||
| 83 | * /etc/passwd */ | 82 | * /etc/passwd */ |
| 84 | int kerberos_ticket_cleanup; /* If true, destroy ticket | 83 | int kerberos_ticket_cleanup; /* If true, destroy ticket |
| 85 | * file on logout. */ | 84 | * file on logout. */ |
| 86 | #endif | ||
| 87 | #if defined(AFS) || defined(KRB5) | ||
| 88 | int kerberos_tgt_passing; /* If true, permit Kerberos TGT | 85 | int kerberos_tgt_passing; /* If true, permit Kerberos TGT |
| 89 | * passing. */ | 86 | * passing. */ |
| 90 | #endif | ||
| 91 | #ifdef AFS | ||
| 92 | int afs_token_passing; /* If true, permit AFS token passing. */ | 87 | int afs_token_passing; /* If true, permit AFS token passing. */ |
| 93 | #endif | ||
| 94 | int password_authentication; /* If true, permit password | 88 | int password_authentication; /* If true, permit password |
| 95 | * authentication. */ | 89 | * authentication. */ |
| 96 | int kbd_interactive_authentication; /* If true, permit */ | 90 | int kbd_interactive_authentication; /* If true, permit */ |
diff --git a/sshd_config b/sshd_config index 36429c9d0..57a1f2bec 100644 --- a/sshd_config +++ b/sshd_config | |||
| @@ -69,9 +69,10 @@ | |||
| 69 | # Kerberos TGT Passing only works with the AFS kaserver | 69 | # Kerberos TGT Passing only works with the AFS kaserver |
| 70 | #KerberosTgtPassing no | 70 | #KerberosTgtPassing no |
| 71 | 71 | ||
| 72 | # Set this to 'yes' to enable PAM keyboard-interactive authentication | 72 | # Set this to 'yes' to enable PAM authentication (via challenge-response) |
| 73 | # and session processing | ||
| 73 | # Warning: enabling this may bypass the setting of 'PasswordAuthentication' | 74 | # Warning: enabling this may bypass the setting of 'PasswordAuthentication' |
| 74 | #PAMAuthenticationViaKbdInt no | 75 | #UsePAM no |
| 75 | 76 | ||
| 76 | #X11Forwarding no | 77 | #X11Forwarding no |
| 77 | #X11DisplayOffset 10 | 78 | #X11DisplayOffset 10 |